Research shows that about 82% of data breaches in the UK involve a human element, including errors and misuse. These data breaches are part of a category known as accidental exposure, including inadequate security measures.
With tough penalties under the GDPR, there has never been a bigger incentive for businesses to get data security right and mitigate the risk of data breaches.
We have 10 simple tips that will help to improve your data security.
How to improve data security
- Familiarise yourself with your company's IT rules
- Be clear about your responsibilities
- Take extra care when taking data offsite
- Only access or transfer data via secure networks
- Only share information on a 'need to know' basis
- Understand and check document classifications
- Follow the password rules
- Only process work information via work devices
- If you're unsure how to protect your firm's data, ask
- Never conceal data losses or breaches
Accidental breaches often occur when employees share sensitive information via email or file sharing. This is due to unstructured data combined with a growth in the number of ways to communicate internally and externally.
10 Data security tips
1. Familiarise yourself with your company's IT rules
That includes all procedures and policies relating to information security, privacy and confidentiality. You can't fully protect yourself and your firm if you don't know what to do.
2. Be clear about your responsibilities
Know what data you are responsible for, what you are allowed to do with it and what you aren't. By knowing your responsibilities, you can take ownership of the data you handle.
3. Take extra care when taking data offsite
Only do this if it is absolutely essential; ensure that any data is encrypted or password-protected, and ensure that it's returned or deleted after use. Before sharing any data, it is important to encrypt it.
4. Only access or transfer data via secure networks
Accessing your company's network via unsecured networks, including public WiFi hotspots outside your office, will make you more vulnerable. Keep this in mind when accessing or sharing any data.
5. Only share information on a 'need to know' basis
Avoid forwarding data to groups of people, and take care typing email addresses to avoid sending data to the wrong recipient. Protecting the data you are responsible for is important, only distributing it to those who absolutely need access.
6. Understand & check document classifications
People in the same department or function may have different access rights, so check who is entitled to what and how documents are classified before sharing them. Use clear classifications such as Private, Confidential, and Public to grant privileges.
7. Follow the password rules
Use strong passwords and change them regularly; avoid sharing your password with anyone else, as your password may give others access to restricted information.
8. Only process work information via work devices
That means any information about your job, including emails, documents and instant messages. Avoid forwarding data to your personal email or smartphone or using personal devices and connections for printing etc.
9. Ask about protecting your firm's data
If you're unsure about how to protect your firm's data, ask how to go about it to ensure that you are taking all necessary steps to maximise cyber security. You can get more advice and support from the IT department or your manager if you need clarification.
10. Never conceal data losses or breaches
If you make a mistake, tell your manager or the IT department immediately so your firm can act quickly to limit its losses. There is nothing to be gained from hiding this information.
Want to learn more about Information Security?
We’ve created a comprehensive GDPR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of GDPR Courses.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.
